This week's articles
Adding Determinism and Safety to Uber IAM Policy Changes
Uber's production environment relies on a complex network of microservices and assets governed by IAM policies. Managing these policies effectively without disrupting production is challenging, as highlighted by an incident where an accidental IAM policy change caused Uber Eats outages. To address this, Uber introduced a Policy Simulator tool that allows policy authors to preview the impact of proposed changes in real time.
#aws
#iam
#build
Introducing the AWS Infrastructure Canarytoken
This post introduces the AWS Infrastructure Canarytoken, a new free tool that deploys decoy AWS resources (DynamoDB tables, S3 buckets, SSM Parameters, etc.) into an account so that any access to them reveals an attacker exploring a compromised AWS account.
#monitor
#aws
#defend
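The detection side of a decoy resource is simple: nothing legitimate ever references it, so any API call that names it is an alert. The following is an added example, not code from the Canarytoken project or from Thinkst; it scans CloudTrail-shaped records for calls that touch a registered decoy. The decoy names, the events, the `requestParameters` keys (`tableName`, `bucketName`, `name`) and the `Alert` shape are all assumptions made for the illustration.

```python
"""Flag CloudTrail-style events that touch decoy ("canary") AWS resources.

Added example; not code from the Canarytoken project. The decoy names and
the sample events below are constructed for illustration.
"""
import json
from dataclasses import dataclass

# Assumption: each decoy is registered by (eventSource, requestParameters key)
# so it can be matched the way DynamoDB tables, S3 buckets and SSM parameters
# appear in CloudTrail requestParameters. A real deployment would load this
# from wherever the decoys were provisioned.
DECOYS = {
    ("dynamodb.amazonaws.com", "tableName"): {"customer-backup-2019"},
    ("s3.amazonaws.com", "bucketName"): {"prod-finance-exports"},
    ("ssm.amazonaws.com", "name"): {"/prod/db/master-password"},
}


@dataclass(frozen=True)
class Alert:
    event_name: str
    principal: str
    source_ip: str
    decoy: str


def _touched_decoy(event):
    """Return the decoy name an event references, or None."""
    source = event.get("eventSource")
    params = event.get("requestParameters") or {}
    for (svc, key), names in DECOYS.items():
        if svc != source:
            continue
        value = params.get(key)
        if value in names:
            return value
    return None


def _principal(event):
    ident = event.get("userIdentity") or {}
    return ident.get("arn") or ident.get("principalId") or "unknown"


def scan_events(raw_lines):
    """Return an Alert for every event that reads, lists or writes a decoy.

    Any access counts: even read-only calls (GetItem, GetParameter,
    ListObjects) are high-signal because no real workload uses the decoy.
    Malformed lines are skipped rather than aborting the scan.
    """
    alerts = []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        decoy = _touched_decoy(event)
        if decoy is None:
            continue
        alerts.append(Alert(
            event_name=event.get("eventName", "?"),
            principal=_principal(event),
            source_ip=event.get("sourceIPAddress", "?"),
            decoy=decoy,
        ))
    return alerts


# Constructed sample records shaped like CloudTrail events (not real logs).
SAMPLE_EVENTS = [
    json.dumps({"eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem",
                "requestParameters": {"tableName": "orders"},
                "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"},
                "sourceIPAddress": "10.0.1.5"}),                     # benign
    "this line is not json",                                         # skipped
    json.dumps({"eventSource": "ssm.amazonaws.com", "eventName": "GetParameter",
                "requestParameters": {"name": "/prod/db/master-password"},
                "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ci-runner/i-0abc"},
                "sourceIPAddress": "198.51.100.23"}),                # decoy
    json.dumps({"eventSource": "dynamodb.amazonaws.com", "eventName": "Scan",
                "requestParameters": {"tableName": "customer-backup-2019"},
                "userIdentity": {"principalId": "AIDAEXAMPLE"},
                "sourceIPAddress": "198.51.100.23"}),                # decoy
    json.dumps({"eventSource": "s3.amazonaws.com", "eventName": "ListObjects",
                "requestParameters": {"bucketName": "prod-finance-exports"},
                "userIdentity": {"arn": "arn:aws:iam::111122223333:user/temp"},
                "sourceIPAddress": "203.0.113.9"}),                  # decoy
]

if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(alert)
```

Because the decoy is never part of any real workflow, the rule needs no baseline or threshold; the cost of the approach is keeping the decoy list in sync with what was actually provisioned, and making the decoys look attractive enough to be read.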
Safe in the sandbox: security hardening for Cloudflare Workers
Workers runs on the V8 JavaScript engine and inherits its hardening, such as memory protection keys and pointer compression. Cloudflare has also made internal modifications to V8 that use memory protection keys to isolate scripts (isolates) from one another, so that a bug in one cannot leak data from another.
#cloudflare
#defend
#explain
#containers
IMDS Abused: Hunting Rare Behaviors to Uncover Exploits
This post describes how Wiz used a data-driven methodology to uncover and stop anomalous IMDS usage, and how that approach led them to discover a zero-day vulnerability in a popular web service that was being exploited in the wild.
#attack
#aws
#defend
Wiz Research Finds Risks in 20% of Vibe-Coded Apps
Wiz Research found that one in five organizations are exposed to systemic risks in vibe-coded applications, including client-side authentication flaws, exposed API keys, overly permissive database access, and publicly reachable internal applications.
#defend
#ai
#build